The research for this post is now public. See this post for details. A less drastic safeguard is to ensure HTML is disabled in the email client, although the researchers have warned that future exfiltration attacks may work even then.

Schinzel referred people to this blog post published late Sunday night by the Electronic Frontier Foundation. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Both Schinzel and the EFF blog post said the flaws will be disclosed late Monday night California time in a paper written by a team of European security researchers. The research team members have been behind a variety of other important cryptographic attacks, including one from 2016 called Drown, which decrypted communications protected by the transport layer security protocol. Given the track record of the researchers and the confirmation from EFF, it's worth heeding the advice to disable PGP and S/MIME in e-mail clients while waiting for more details to be released Monday night.